Jump to content

SQL Injection and @parameters


davej

Recommended Posts

Yes - for example, you may not parameterise everything by mistake, the parameterisation logic may have vulnerabilities in it, your code may allow the pre-parameterisation SQL string to be modified through other means, etc. However, the risk is still probably much reduced.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...